Sensitive Values
Secrets for Sensitive Values
To manage sensitive information such as the Appcircle initial user password, SSL certificates, and other secrets, it is recommended to use Kubernetes secrets. This ensures that sensitive data is stored securely and can be accessed by applications running within the cluster in a controlled manner. Some settings like SMTP can be configured either through Kubernetes secrets during initial deployment or directly from the Appcircle Dashboard after installation.
The configurations for secret values should be done before the first deployment and cannot be changed later. To modify these settings, you should uninstall Appcircle and redeploy it.
The commands below assume you have already created a namespace for Appcircle. If you haven’t yet, you can create the Appcircle namespace using the following commands:
# Create the namespace
kubectl create namespace appcircle
Make sure to replace appcircle
with your preferred namespace name if necessary.
You can follow the steps below to create a secret for each sensitive value.
If the HISTCONTROL
environment variable is set to ignoreboth
, commands with a leading space character will not be stored in the shell history. This allows you to create secrets safely without storing sensitive information in the shell history.
Appcircle initial user password
- Create a secret with the name
${releaseName}-auth-keycloak-passwords
containing theinitialPassword
andadminPassword
keys.
In the example, appcircle-server
is used as the release name. Make sure to replace it with your actual release name if it's different.
kubectl create secret generic appcircle-server-auth-keycloak-passwords \
--from-literal=initialPassword=Test1234 \
--from-literal=adminPassword=KeycloakAdminPassword1234 \
-n appcircle
- Remove the
.auth.auth-keycloak.initialPassword
and.auth.auth-keycloak.adminPassword
keys from thevalues.yaml
file if they exist.
SMTP password
Starting from the server version 3.28.2
, SMTP settings can be configured and updated directly from the Appcircle Dashboard. This is the recommended approach for managing SMTP settings as it allows you to update the configuration at any time without requiring server reset.
See the email integration document for more information about the SMTP configuration.
See the version history to find out the minimum required Helm chart version for the server.
If you prefer to configure SMTP via Kubernetes secrets during initial deployment:
- Create a secret with the name
${releaseName}-smtp
containing thepassword
key.
In the example, appcircle-server
is used as the release name. Make sure to replace it with your actual release name if it's different.
kubectl create secret generic appcircle-server-smtp \
--from-literal=password="superSecretSMTPPassword" \
-n appcircle
- Remove the
.global.mail.smtp.password
key from thevalues.yaml
file if it exists.
Even if you initially configure SMTP using Kubernetes secrets, you can still use the Appcircle Dashboard for subsequent updates.
But keep in mind that beforehand you should remove the relevant settings from the server configuration effectively, which requires you to apply configuration changes.
SSL certificate
- Create a secret with the name
appcircle-tls-wildcard
containing thetls.crt
,tls.key
andca.crt
keys.
The name appcircle-tls-wildcard
is reserved and cannot be changed.
kubectl create secret generic appcircle-tls-wildcard \
--from-file=tls.crt='fullchain.crt' \
--from-file=tls.key='private.key' \
--from-file=ca.crt='root-ca.crt' \
--type=kubernetes.io/tls \
-n appcircle
- Remove the
.global.tlsWildcard
key from thevalues.yaml
file if it exists.
Apply Configuration Changes
To apply configuration changes to the Appcircle server installation, update the Helm release with the new configuration using the following command:
The namespace, release name, and Helm repository name in the example command below are written for the example installation document. If you have changed these values while installing the Appcircle server, adjust the values if required.
helm upgrade appcircle-server appcircle/appcircle \
-n appcircle \
-f values.yaml
Need help?
Get help from Appcircle's support team, or see how others are using Appcircle by joining our Slack Channel.